Logistics technology company Pitney Bowes has become the latest organization named in the breach spree attributed to ShinyHunters, according to data breach tracker Have I Been Pwned (HIBP). The confirmed leak reportedly includes 8.2 million unique email addresses, along with names, phone numbers, and physical addresses.
HIBP said the breach was confirmed on April 27. A smaller portion of the data trove appears to relate to company employment records and includes job titles. The source material does not confirm a root cause for the incident.
What the breach appears to contain
The available reporting says the alleged data dump associated with Pitney Bowes includes several categories of personal information. The most prominent item is the large set of unique email addresses, but the dataset is also said to contain contact and address details.
- 8.2 million unique email addresses
- Names
- Phone numbers
- Physical addresses
- A smaller subset of employment records
- Job titles in that employment subset
That mix of data suggests the breach may affect both customer-facing records and internal personnel information, although the scope of exposure has not been fully detailed in the source material.
Pitney Bowes and its business footprint
Pitney Bowes may not be widely recognized by name outside business and shipping circles, but it is a substantial US-based technology company. It produces franking machines for US postage and also provides shipping software and mailing technologies used in shipping centers.
According to the source, the company says it serves more than 600,000 clients worldwide and posted $1.9 billion in revenue in 2025. Those details help explain why a breach involving its data could be significant: Pitney Bowes operates in logistics and mailing workflows that touch a large customer base.
ShinyHunters’ recent run of claims
The Pitney Bowes incident is only the latest in a series of attacks or claimed attacks tied to ShinyHunters. HIBP has been tracking and verifying the group’s claims as they emerge, and several have already been confirmed.
Confirmed cases mentioned in the source include Rockstar Games and ADT. The group has also claimed attacks on Udemy, Carnival Cruises, and the Asian Football Confederation. In the Asian Football Confederation case, the alleged leak reportedly included tens of thousands of professional footballers’ personal information and document scans.
Earlier in this wave, ShinyHunters was also linked to attacks on Match Group and Dutch telco Odido. In March, the group told The Register that it had accessed data belonging to nearly 400 companies via a Salesforce breach. The source also notes that ShinyHunters was partly behind the widespread attacks on Salesloft Drift last year, acting with other crime crews under the name Scattered Lapsus$ Hunters, and later involved in attacks affecting hundreds more Salesforce customers in 2025.
What is known so far
The reporting around Pitney Bowes is still developing, and the company had not provided additional details at the time of publication. The Register said attempts to reach press-specific email addresses bounced back, while an investor relations contact was active but did not immediately respond.
Based on the available source information, the key facts are straightforward:
- HIBP confirmed the Pitney Bowes breach on April 27
- The dump includes 8.2 million unique email addresses
- Additional fields include names, phone numbers, and physical addresses
- A smaller subset contains employment records and job titles
- The root cause has not been confirmed in the source
For now, Pitney Bowes joins a growing list of companies named in ShinyHunters-related disclosures, underscoring the continuing pace of the group’s reported breach activity.
As more details emerge, the main unanswered question remains how the data was obtained. Until that is confirmed, the incident should be treated as an active and evolving breach investigation rather than a finished case.